Executive Summary
Summary | |
---|---|
Title | Updated wireshark packages fix denial of service vulnerabilities |
Information | |||
---|---|---|---|
Name | MDVSA-2008:057 | First vendor Publication | 2008-03-03 |
Vendor | Mandriva | Last vendor Modification | 2008-03-03 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P) | |||
---|---|---|---|
Cvss Base Score | 5 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
A few vulnerabilities were found in Wireshark that could cause it to crash or consume excessive memory under certain conditions. This update provides Wireshark 0.99.8, which is not vulnerable to the issues. |
Original Source
Url : http://www.mandriva.com/security/advisories?name=MDVSA-2008:057 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-399 | Resource Management Errors |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10188 | |||
Oval ID: | oval:org.mitre.oval:def:10188 | ||
Title: | The TFTP dissector in Wireshark (formerly Ethereal) 0.6.0 through 0.99.7, when running on Ubuntu 7.10, allows remote attackers to cause a denial of service (crash or memory consumption) via a malformed packet, possibly related to a Cairo library bug. | ||
Description: | The TFTP dissector in Wireshark (formerly Ethereal) 0.6.0 through 0.99.7, when running on Ubuntu 7.10, allows remote attackers to cause a denial of service (crash or memory consumption) via a malformed packet, possibly related to a Cairo library bug. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-1072 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:11378 | |||
Oval ID: | oval:org.mitre.oval:def:11378 | ||
Title: | The SCTP dissector in Wireshark (formerly Ethereal) 0.99.5 through 0.99.7 allows remote attackers to cause a denial of service (crash) via a malformed packet. | ||
Description: | The SCTP dissector in Wireshark (formerly Ethereal) 0.99.5 through 0.99.7 allows remote attackers to cause a denial of service (crash) via a malformed packet. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-1070 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:11633 | |||
Oval ID: | oval:org.mitre.oval:def:11633 | ||
Title: | The SNMP dissector in Wireshark (formerly Ethereal) 0.99.6 through 0.99.7 allows remote attackers to cause a denial of service (crash) via a malformed packet. | ||
Description: | The SNMP dissector in Wireshark (formerly Ethereal) 0.99.6 through 0.99.7 allows remote attackers to cause a denial of service (crash) via a malformed packet. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-1071 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:14784 | |||
Oval ID: | oval:org.mitre.oval:def:14784 | ||
Title: | SNMP dissector vulnerability in Wireshark 0.99.6 through 0.99.7 | ||
Description: | The SNMP dissector in Wireshark (formerly Ethereal) 0.99.6 through 0.99.7 allows remote attackers to cause a denial of service (crash) via a malformed packet. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2008-1071 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Wireshark |
Definition Id: oval:org.mitre.oval:def:14995 | |||
Oval ID: | oval:org.mitre.oval:def:14995 | ||
Title: | SCTP dissector vulnerability in Wireshark 0.99.5 through 0.99.7 | ||
Description: | The SCTP dissector in Wireshark (formerly Ethereal) 0.99.5 through 0.99.7 allows remote attackers to cause a denial of service (crash) via a malformed packet. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2008-1070 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Wireshark |
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2009-04-09 | Name : Mandriva Update for wireshark MDVSA-2008:057 (wireshark) File : nvt/gb_mandriva_MDVSA_2008_057.nasl |
2009-03-06 | Name : RedHat Update for wireshark RHSA-2008:0890-01 File : nvt/gb_RHSA-2008_0890-01_wireshark.nasl |
2009-02-27 | Name : CentOS Update for wireshark CESA-2008:0890 centos3 i386 File : nvt/gb_CESA-2008_0890_wireshark_centos3_i386.nasl |
2009-02-27 | Name : CentOS Update for wireshark CESA-2008:0890 centos3 x86_64 File : nvt/gb_CESA-2008_0890_wireshark_centos3_x86_64.nasl |
2009-02-27 | Name : CentOS Update for wireshark CESA-2008:0890 centos4 i386 File : nvt/gb_CESA-2008_0890_wireshark_centos4_i386.nasl |
2009-02-27 | Name : CentOS Update for wireshark CESA-2008:0890 centos4 x86_64 File : nvt/gb_CESA-2008_0890_wireshark_centos4_x86_64.nasl |
2009-02-17 | Name : Fedora Update for wireshark FEDORA-2008-3040 File : nvt/gb_fedora_2008_3040_wireshark_fc8.nasl |
2009-02-16 | Name : Fedora Update for wireshark FEDORA-2008-2941 File : nvt/gb_fedora_2008_2941_wireshark_fc7.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200803-32 (wireshark) File : nvt/glsa_200803_32.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
42577 | Wireshark TFTP Dissector Malformed Packet Handling Remote DoS |
42576 | Wireshark SNMP Dissector Malformed Packet Handling Remote DoS |
42575 | Wireshark SCTP Dissector Malformed Packet Handling Remote DoS Wireshark SCTP dissector contains a flaw that may allow a remote denial of service. The issue is triggered when malformed packets or trace files are loaded, and will result in loss of availability for the service. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0890.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20081001_wireshark_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-057.nasl - Type : ACT_GATHER_INFO |
2008-10-02 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0890.nasl - Type : ACT_GATHER_INFO |
2008-10-02 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0890.nasl - Type : ACT_GATHER_INFO |
2008-04-11 | Name : The remote Fedora host is missing a security update. File : fedora_2008-2941.nasl - Type : ACT_GATHER_INFO |
2008-04-11 | Name : The remote Fedora host is missing a security update. File : fedora_2008-3040.nasl - Type : ACT_GATHER_INFO |
2008-03-26 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200803-32.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 11:39:15 |